From dad8768685efbdac799e53000fc5dfae32ab8e4b Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Thu, 12 Oct 2006 18:40:41 +0000 Subject: [PATCH] r1248: Fixing a SQL injection on login.php --- docs/changes.txt | 4 ++++ login.php | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 724a60c..16c75fb 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -1,3 +1,7 @@ +1.1.2 +=============================== +- Fixed a SQL injection on login.php (http://www.bluestatic.org/bugs/showreport.php?bugid=36) + 1.1.1 =============================== - Registration email functions do not work because they are not ISSO2/Mail compatible [register.php] diff --git a/login.php b/login.php index d7abdda..583988f 100755 --- a/login.php +++ b/login.php @@ -2,7 +2,7 @@ /*=====================================================================*\ || ################################################################### || # Bugdar [#]version[#] -|| # Copyright ©2002-[#]year[#] Blue Static +|| # Copyright 2002-[#]year[#] Blue Static || # || # This program is free software; you can redistribute it and/or modify || # it under the terms of the GNU General Public License as published by @@ -62,7 +62,7 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin') $url = 'index.php'; } - $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->in['email'] . "'"); + $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'"); if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password']) { if (!$bugsys->userinfo['userid']) -- 2.43.5